﻿using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.Web.Configuration;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Configuration;
using Microsoft.IdentityModel.Protocols.WSTrust;
using Microsoft.IdentityModel.SecurityTokenService;

namespace CodeCounsel.SharePoint2010.DigiD
{
    class DigiDSecurityTokenService
        : SecurityTokenService
    {
        string _userID;

        public DigiDSecurityTokenService(DigiDSecurityTokenServiceConfiguration configuration, string userID)
            : base(configuration)
        {
            _userID = userID;
        }

        protected override IClaimsIdentity GetOutputClaimsIdentity(
            IClaimsPrincipal principal, RequestSecurityToken request, Scope scope)
        {
            ClaimsIdentity identity = new ClaimsIdentity();
            identity.Claims.Add(new Claim(System.IdentityModel.Claims.ClaimTypes.Name, _userID));            
            return identity;
        }

        protected override Scope GetScope(IClaimsPrincipal principal, RequestSecurityToken request)
        {
            ValidateAppliesTo(request.AppliesTo);
            Scope scope = new Scope(request.AppliesTo.Uri.OriginalString, 
                SecurityTokenServiceConfiguration.SigningCredentials);
            scope.TokenEncryptionRequired = false;
            scope.ReplyToAddress = request.ReplyTo;
            return scope;
        }

        void ValidateAppliesTo(EndpointAddress endpointAddress)
        {
            // Todo: implement this

        }
    }
}
